Hi again, i'm using browser-policy to improve security against XSS. This is what appears in my client console when i loaded my meteor app with sharejs activated.
Refused to load the script 'http://ajaxorg.github.com/ace/build/src/ace.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
There are 0posts main.js?44864693a7c5e6807c732a29a1a625e0cdc22740:12
Refused to load the script 'http://ajaxorg.github.com/ace/build/src/ace.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
Uncaught ReferenceError: ace is not defined
I'm planning to integrate the download and serving of ace.js as part of the build process as mentioned in #3. Hopefully this will solve both these issues.
In commit 85760c5cb537f69a6306fded10f4e8817b884fc4, I switched to having the server download the ace.js library and serve it as a Meteor asset. It's probably a little brittle right now, but tested to be working, and should improve as we iron out the kinks.
Hi again, i'm using browser-policy to improve security against XSS. This is what appears in my client console when i loaded my meteor app with sharejs activated.
I'm planning to integrate the download and serving of
ace.jsas part of the build process as mentioned in #3. Hopefully this will solve both these issues.In commit 85760c5cb537f69a6306fded10f4e8817b884fc4, I switched to having the server download the
ace.jslibrary and serve it as a Meteor asset. It's probably a little brittle right now, but tested to be working, and should improve as we iron out the kinks.